[alsa-devel] [PATCH 1/2] ALSA: info: Avoid leaking kernel memory

David Henningsson david.henningsson at canonical.com
Thu Mar 14 07:15:28 CET 2013


On 03/13/2013 05:36 PM, Takashi Iwai wrote:
> Make sure that the allocated buffer for reading the proc file won't
> expose the uncleared kernel memory.

This should go to stable too, due to the security implications of 
leaking possibly sensitive information to userspace?

>
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> ---
>   sound/core/info.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/core/info.c b/sound/core/info.c
> index db308db..58e97b3 100644
> --- a/sound/core/info.c
> +++ b/sound/core/info.c
> @@ -89,7 +89,7 @@ static int resize_info_buffer(struct snd_info_buffer *buffer,
>   	char *nbuf;
>
>   	nsize = PAGE_ALIGN(nsize);
> -	nbuf = krealloc(buffer->buffer, nsize, GFP_KERNEL);
> +	nbuf = krealloc(buffer->buffer, nsize, GFP_KERNEL | __GFP_ZERO);
>   	if (! nbuf)
>   		return -ENOMEM;
>
> @@ -353,7 +353,7 @@ static int snd_info_entry_open(struct inode *inode, struct file *file)
>   				goto __nomem;
>   			data->rbuffer = buffer;
>   			buffer->len = PAGE_SIZE;
> -			buffer->buffer = kmalloc(buffer->len, GFP_KERNEL);
> +			buffer->buffer = kzalloc(buffer->len, GFP_KERNEL);
>   			if (buffer->buffer == NULL)
>   				goto __nomem;
>   		}
>



-- 
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic


More information about the Alsa-devel mailing list